Report: Closing the gender gap in cybersecurity

Special Projects

Facing a worsening talent shortfall and contemplating 1.8 million unfilled cybersecurity positions by 2022, the cybersecurity industry is now grappling with one blazingly obvious part of the problem: the dramatic underrepresentation of women in the field.

Somehow, in one of the world’s most popular and dynamic fields, only 11% of professionals are women. That seems like a great place to start looking for solutions, so Kaspersky Lab undertook a study to learn more about the obstacles between women and careers in cybersecurity. The topic is multifaceted and complex, so we didn’t expect simple answers. Nor will we, as a cybersecurity company, attempt to delve into the variable and sometimes fraught sociological factors at play.

To be clear, the skills gap is not tied to gender. We found that young women have the skills to enter the industry, and they tend to have positive opinions about cybersecurity’s role in society. They are not, however, pursuing cybersecurity careers, and our research implicates two broad causes: educational guidance and a lack of role models.

Education

Young people tend to set out on their career paths well before their first job search begins, and that shapes their choices of school subjects.

We found that boys are significantly more likely than girls to choose mathematics (49% vs. 36%) and IT (21% vs. 7%) as their preferred subjects at school. Those subject areas are common foundations of a career in cybersecurity — indeed, more than 57% of women surveyed cited the absence of experience in coding as a reason for not choosing cybersecurity for a career.

Helping girls and young women further their natural interest in STEM topics is something that can begin at home and at school. Janice Richardson, senior advisor at European Schoolnet, says, “Schools have a big role to play, and cybersecurity will only become attractive as a career path when young people are able to grasp the full sense and exciting challenges it offers.”

Early in life, Richardson points out, three out of four parents lack sufficient information to guide children’s choices that might lead toward or away from a cybersecurity career path. It is also critical, she says, to break down preconceived ideas of males, the media, and the general public on stereotypes and “suitable” professions for girls.

As parents, teachers, and schools find opportunities to guide young pupils toward STEM topics from which they are often steered away, the industry could find benefits in vying for their attention before those children begin making and acting on career decisions. For the young women we surveyed, the average age for that is just shy of 16.

Role models

A distinct lack of female role models or influencers drags the industry: 69% of young people say they have never met somebody who works in the cybersecurity industry, and only 11% of them have met a woman who works in the industry. The disparity clearly has an effect. After meeting a fellow female who works in cybersecurity, 63% of women think more positively about the sector.

The effect can snowball, with fewer women in the sector leading to even fewer women in the sector. And although education is certainly a key factor, Jacky Fox, Deloitte’s director of Cyber Risk, points out that it isn’t the key. A candidate having a technology background is an advantage, but the importance of inclusivity in the workplace cannot be overlooked. “The tipping point for a group to no longer feel like a minority is 30%….The ‘brogrammers’ culture and military-style language can be off-putting to women. We are careful with our recruitment campaigns to make them gender neutral. When I first started working in the technology industry there were very few female role models. In Deloitte Ireland, our cyber team is 30% women.”

And then there is the flip side: Women already in the industry can act as beacons to draw more young women in, by promoting knowledge of cybersecurity as a vibrant career choice, by acting as role models, and by mentoring.